Business continuity events will continue to occur and threaten businesses around the globe. Being prepared and knowing how to respond makes the difference between corporate survival and corporate failure. The planning and preparatory work, as well as the associated costs, can seem overwhelming when using conventional tools. Positive lessons can be learned from Japanese businesses, organizations and communities with solid plans in place that prevented further loss of life and damage. Join us to discuss some of the issues facing the Business Continuity community today: • Continuity Statistics – What do they show? What do they hide? • Can we learn lessons from Japan? • Emerging BCM methodologies – Where is the industry heading?

1. Business Continuity Management

2. Presenter
Jeremy Kaye, VP GRC Strategy
+44 20 7903 5139
jeremy.kaye@easy2comply.com
Confidential

3. Housekeeping
• The slides for this event will be distributed
afterwards
• The webinar recording will be archived on
easy2comply website
• Answer all the polls
• Q & A at the end
Confidential

4. Dedication
We dedicate this webinar
to all those that lost their
life in the Japan
earthquake, those that
were injured, and to those
that survived
Our thoughts and wishes
are with the Japanese
people
Confidential

5. What is easy2comply?
easy2comply is a functionally-rich software
solution, that enable companies to effectively
manage multiple GRC processes on a single
platform
Confidential

6. Webinar Focus
• Continuity Statistics
• Learning From Japan
• Methodologies
• Easy2comply New Techniques
Confidential

7. Statistics….
• 43% of companies experiencing disasters never re-open,
and 29% close within two years (McGladrey and Pullen)
• A company that experiences a computer outage lasting
more than 10 days will never fully recover financially (DRP
– Jon Toigo)
• 88% of e-commerce is not
covered by a DR / BC plan (HP)
• 42% of managers do not believe
their plans would be effective
(HP)
Confidential

8. ….and more statistics
• 50% of UK businesses do not
have a BC plan
• 79% of those that had plans and
were forced to use them found
a significant reduction in the
impact
• Fewer than half that had plans
actually tested them
• Only a quarter of BC managers
had a dedicated budget
Confidential

9. Hourly Cost of Downtime
Event Per Hour
Brokerage House / Large e-commerce site $6,400,000
Credit Card Sales & Authorization $2,600,000
Catalog Sales $90,000
Package Shipping & Transportation $28,000
UNIX Networks $75,000
PC LAN $18,000
Source: Quantum Corporation
Confidential

10. Some questions about TIME…
• Consider how each of your critical services could continue
during a prolonged power loss. …now think about a loss of
power lasting for 24 hours…
• Which of your critical
services would be
jeopardised if your building
was evacuated for a week
with all access denied?
• Which services would be
affected if access were
denied for a whole month?
Confidential

11. Some questions about DEPENDENCIES…
How many staff would be Do you have an alternative
needed to continue to cover building or premises in which to
critical tasks and how would you work effectively? Is this sufficient?
accommodate them? Can staff work from home?
Do you need access to any Do you have sufficient back-
services not currently available up for your data, both
at your temporary site? electronic and paper?
Confidential

12. Webinar Focus
• Continuity Statistics
• Learning From Japan
• Methodologies
• Easy2comply New Techniques
Confidential

13. Japan Aftermath
• Multinationals to assume business will be severely
disrupted
• Supply chain disruption linked to infrastructure,
energy, utilities and transportation
• Despite history, many companies manage supply
chain risk ineffectively
• Need understanding of markets
they sell to, suppliers they rely on,
and critical dependencies
• Effective planning can sometimes
make all the difference whether a
company survives or not
Confidential

14. Disaster Recovery Failures
Confidential

15. Top BCM Challenges
• Lack of resources
• Difficult to gain senior management support
• Obtaining wider buy-in from across company
Confidential

16. Webinar Focus
• Continuity Statistics
• Learning From Japan
• Methodologies
• Easy2comply New Techniques
Confidential

17. What is BCM?
“Business Continuity Management is a business
owned and driven activity that can provide the
strategic and operational framework to review the
way your organisation provides its products and
services and increase its resilience to disruption,
interruption or loss.”
Business Continuity Institute
Confidential

18. What is BCM?
• Business Continuity Management is a
management process…
• … that identifies potential impacts that threaten
an organisation…
• … and provides a framework for building
resilience…
• … and the capability for an effective response …
• … which safeguards the interests of its …
• … key stakeholders, reputation, brand and value
creating activities.
Confidential

19. Who is BCM relevant to?
• Any organisation, large or
small, from any sector
• High risk environments:
finance / telcos / transport /
public sector
• Where need to continue
operating is essential, for
organisation, customers and
stakeholders
Confidential

20. Why is BCM important?
• Business will increase its recovery capabilities
dramatically
• Make the right decisions quickly, cut downtime and
minimise financial losses
• Being prepared is key as it gives confidence
• Demonstrates duty of care to
customers and suppliers
• Helps safeguard company
reputation
Confidential

21. Business Continuity Levels
• RTO Recovery Time Objective
• MTPoD Maximum Tolerable Period of
Disruption
MTPoD > RTO
Confidential

22. Definitions
• RTO: Maximum amount of time that a system
resource can remain unavailable before there
is an unacceptable impact on other resources
or functions
• MTPoD: Total amount of time managers are
willing to accept for a mission/business
process outage or disruption
Confidential

23. BC Levels (Example)
BC Level RTO MTPoD
1 48 hours 5 Days
2 24 hours 4 Days
3 8 hours 3 Days
4 4 hours 2 Days
5 2 hours 1 Day
Confidential

24. Working as Total Recovered Recovered
Normal Failure Minimum Level Normal Level
100 Desired Process
Level
90
80
Process Level (%)
70
Desired time
60 target to Maximum
acceptable time
achieve
50 below minimum
minimum
level
process level Acceptable
40
Minimum Process
30 MTPoD Level
20
RTO
10
0
0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48
Time Horizon (hrs)
Confidential

25. Webinar Focus
• Continuity Statistics
• Learning From Japan
• Methodologies
• Easy2comply New Techniques
Confidential

26. Business Continuity Methodology
Business Structure and Location
Required Resource Analysis
Mapping
Process Mapping Scenario Identification
Scenario Impact on Resources
People Resource Dependency
and Locations
IT Resource Dependency Building the BCP Plan (Gantt)
Business Impact Analysis (BIA)
Scenario Testing
on Process
Define BC Level (RTO / MTPoD) Testing vs. BCP Comparison
Confidential

27. Screenshots
Confidential

28. Screenshots
Confidential

29. Conclusions
• Don’t ignore BCP – things happen that are out
of our control
• Studies show that preparation does help to
reduce negative outcomes
• Secure management support – you’ll be lost
without it
• Ensure BC plans are clear and concise
• Test, test and test again!
Confidential

30. Q&A
Jeremy Kaye, VP GRC Strategy
+44 20 7903 5139
jeremy.kaye@easy2comply.com
Confidential

31. Thank You
Visit our website:
www.easy2comply.com